hello again,
i'm still trying to use the pkcs#1 signature
generated on the smart card.
the signature is added to the pdf, but acrobat says,
that the signature is invalid, because the document has been altered.
can somebody give m a hint why that is ?
hans
============================= code ====================================
byte[] signPdf(byte[] pdfData) {
ByteArrayOutputStream bout = new ByteArrayOutputStream();
try {
PdfReader reader = new PdfReader(pdfData);
PdfStamper stp = PdfStamper
.createSignature(reader, bout, '\0');
PdfSignatureAppearance sap = stp.getSignatureAppearance();
Certificate[] cert_arr = new Certificate[1];
cert_arr[0] = this.certSig;
//no private key available,
//because it's stored on the smart card
sap.setCrypto(null, cert_arr, null,
PdfSignatureAppearance.WINCER_SIGNED);
sap.setReason("reason");
sap.setLocation("location");
sap.setVisibleSignature(new Rectangle(100, 100, 200, 200),
1, null);
//the hash does have 20 byte, but what about the digest ?
//--> does the size of the array matter here ?
sap.setExternalDigest(new byte[128], new byte[20], "RSA");
sap.preClose();
MessageDigest messageDigest =
MessageDigest.getInstance("SHA1");
byte buf[] = new byte[8192];
int n;
InputStream inp = sap.getRangeStream();
ByteArrayOutputStream b = new ByteArrayOutputStream();
while ((n = inp.read(buf)) > 0) {
messageDigest.update(buf, 0, n);
}
byte hash[] = messageDigest.digest();
PdfSigGenericPKCS sg = sap.getSigStandard();
PdfLiteral slit = (PdfLiteral)sg.get(PdfName.CONTENTS);
byte[] outc = new byte[(slit.getPosLength() - 2) / 2];
PdfPKCS7 sig = sg.getSigner();
//signing the hash is done on the smart card
//Signature sign = Signature.getInstance("SHA1withRSA");
//sign.initSign(key);
// sign.update(hash);
//ASN.1
byte[] digestInfo = HexString
.parseHexString("3021300906052b24030201050004140000000000000000000000000000000000000000");
System.arraycopy(hash, 0, digestInfo, 0x0f, 0x14);
//the returned signature is pkcs#1
byte[] signature = sign(digestInfo,netKeyPath);
sig.setExternalDigest(signature,digestInfo, "RSA");
PdfDictionary dic = new PdfDictionary();
byte[] ssig = sig.getEncodedPKCS7();
System.arraycopy(ssig, 0, outc, 0, ssig.length);
dic.put(PdfName.CONTENTS,
new PdfString(outc).setHexWriting(true));
sap.close(dic);
} catch (...){}
return bout.toByteArray();
}
private byte[] sign(byte[] digestInfo, CardFilePath path)
throws CardServiceException, CardTerminalException,
NoSuchAlgorithmException, InvalidKeyException {
byte[] result = null;
PrivateKeyFile privateKeyFile = null;
privateKeyFile = new PrivateKeyFile(path, 0x80);
// - Secure Messaging
chvcs.provideCredentials(null, desedeBag);
chvcs.verifyPassword(path, 0x81, pin);
chvcs.provideCredentials(null, passThruBag);
//signing the hash on the card
result = scs.signHash(privateKeyFile, "RSA", digestInfo);
return result;
}
============================= code ====================================
-------------------------------------------------------
SF.Net email is sponsored by:
Tame your development challenges with Apache's Geronimo App Server. Download
it for free - -and be entered to win a 42" plasma tv or your very own
Sony(tm)PSP. Click here to play: http://sourceforge.net/geronimo.php
_______________________________________________
iText-questions mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/itext-questions
